Hello,
In this scenario, our SiteMinder is the SAML IDP and we have three separate SAML SSO configurations/setups with a single SAML SP partner. The SAML SP partner has one single SAML ACS, but we are setting up three separate SAML IDPs to connect to this SP partner.
On our SiteMinder IDP side, we configured three unique SAML SP entity IDs. The problem we run into is that our SAML SP partner requires the value of the "audience" to match the SP ACS. From our SiteMinder IDP, we configure the "Audience" field with the value of the SAML SP ACS, but the "SP entity ID" value will also become an additional "audience" value and therefore the SAML assertion will have two "audience" values.
    </ns2:Subject>
    <ns2:Conditions NotBefore="2017-07-26T19:01:08Z" NotOnOrAfter="2017-07-26T19:03:08Z">
      <ns2:AudienceRestriction>
        <ns2:Audience>[this-value-came-from-the-"Audience" field</ns2:Audience>
      </ns2:AudienceRestriction>
      <ns2:AudienceRestriction>
        <ns2:Audience>[This-value-came-from-the-"SP Entity ID" field</ns2:Audience>
      </ns2:AudienceRestriction>
    </ns2:Conditions>
Is there a way to tell SiteMinder to NOT send the value of the "SP Entity ID" as an "audience" value in the SAML assertion "Audience Restriction" element?
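
Added example, not part of the original post and not SiteMinder or partner code: how a relying party that follows SAML 2.0 Core (section 2.5.1.4) evaluates a Conditions element shaped like the one above, where audiences inside one AudienceRestriction are alternatives but every separate AudienceRestriction must be satisfied. The namespace bound to `ns2`, the URL, the entity ID and the function names are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: ns2 in the post is bound to the SAML 2.0 assertion namespace.
SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample mirroring the structure in the post; values are placeholders.
SAMPLE_CONDITIONS = """
<ns2:Conditions xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion"
    NotBefore="2017-07-26T19:01:08Z" NotOnOrAfter="2017-07-26T19:03:08Z">
  <ns2:AudienceRestriction>
    <ns2:Audience>https://sp.example.com/acs</ns2:Audience>
  </ns2:AudienceRestriction>
  <ns2:AudienceRestriction>
    <ns2:Audience>sp-entity-id-1</ns2:Audience>
  </ns2:AudienceRestriction>
</ns2:Conditions>
"""


def audience_groups(conditions_xml):
    """Return one list of Audience values per AudienceRestriction element."""
    root = ET.fromstring(conditions_xml)
    return [
        [(a.text or "").strip() for a in r.findall("saml:Audience", SAML_NS)]
        for r in root.findall("saml:AudienceRestriction", SAML_NS)
    ]


def unmatched_groups(groups, sp_identifiers):
    """Restrictions in which none of the SP's own identifiers appears."""
    sp = set(sp_identifiers)
    return [g for g in groups if not any(a in sp for a in g)]


def audience_ok(groups, sp_identifiers):
    """OR within a restriction, AND across restrictions (SAML Core 2.5.1.4)."""
    return not unmatched_groups(groups, sp_identifiers)


if __name__ == "__main__":
    groups = audience_groups(SAMPLE_CONDITIONS)
    # An SP that identifies itself only by its ACS URL fails the second restriction.
    for sp_ids in (["https://sp.example.com/acs"],
                   ["https://sp.example.com/acs", "sp-entity-id-1"]):
        print(sp_ids, "accepted:", audience_ok(groups, sp_ids),
              "unmatched:", unmatched_groups(groups, sp_ids))
```

Run against a decoded assertion's Conditions element, this shows which AudienceRestriction an SP that knows itself only by its ACS URL would fail.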